From 994e866cf2ad3b84882e7070e7097ee5553130e1 Mon Sep 17 00:00:00 2001
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
Date: Sun, 3 Nov 2024 21:18:34 +0100
Subject: [PATCH] Fix memory leak in php_openssl_pkey_from_zval()

Closes GH-16691.
---
 NEWS                                          |  1 +
 ext/openssl/openssl.c                         |  1 +
 .../php_openssl_pkey_from_zval_leak.phpt      | 23 +++++++++++++++++++
 3 files changed, 25 insertions(+)
 create mode 100644 ext/openssl/tests/php_openssl_pkey_from_zval_leak.phpt

diff --git a/NEWS b/NEWS
index fadcea21068..72b3d645cf9 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,7 @@ PHP                                                                        NEWS
 - OpenSSL:
   . Prevent unexpected array entry conversion when reading key. (nielsdos)
   . Fix various memory leaks related to openssl exports. (nielsdos)
+  . Fix memory leak in php_openssl_pkey_from_zval(). (nielsdos)
 
 - PDO:
   . Fixed memory leak of `setFetchMode()`. (SakiTakamachi)
diff --git a/ext/openssl/openssl.c b/ext/openssl/openssl.c
index 4a8aca8f999..9e703f75863 100644
--- a/ext/openssl/openssl.c
+++ b/ext/openssl/openssl.c
@@ -3533,6 +3533,7 @@ static EVP_PKEY *php_openssl_pkey_from_zval(
 		} else {
 			ZVAL_COPY(&tmp, zphrase);
 			if (!try_convert_to_string(&tmp)) {
+				zval_ptr_dtor(&tmp);
 				return NULL;
 			}
 
diff --git a/ext/openssl/tests/php_openssl_pkey_from_zval_leak.phpt b/ext/openssl/tests/php_openssl_pkey_from_zval_leak.phpt
new file mode 100644
index 00000000000..2b19dd31115
--- /dev/null
+++ b/ext/openssl/tests/php_openssl_pkey_from_zval_leak.phpt
@@ -0,0 +1,23 @@
+--TEST--
+php_openssl_pkey_from_zval memory leak
+--EXTENSIONS--
+openssl
+--FILE--
+<?php
+
+class StrFail {
+    public function __toString(): string {
+        throw new Error('create a leak');
+    }
+}
+
+$key = ["", new StrFail];
+try {
+    openssl_pkey_export_to_file($key, "doesnotmatter");
+} catch (Error $e) {
+    echo $e->getMessage(), "\n";
+}
+
+?>
+--EXPECT--
+create a leak